Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE-826:Premature Release of Resource During Expected Lifetime
Weakness ID:826
Version:v4.17
Weakness Name:Premature Release of Resource During Expected Lifetime
Vulnerability Mapping:Allowed
Abstraction:Base
Structure:Simple
Status:Incomplete
Likelihood of Exploit:
DetailsContent HistoryObserved CVE ExamplesReports
7Vulnerabilities found
CVE-2026-33526
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.2||CRITICAL
EPSS-1.40% / 80.77%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 00:16
Updated-31 Mar, 2026 | 01:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Squid vulnerable to Denial of Service in ICP Request handling

Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.

Action-Not Available
Vendor-Squid Cache
Product-squidsquid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-826
Premature Release of Resource During Expected Lifetime
CVE-2026-32748
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.21% / 43.44%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 00:11
Updated-26 Mar, 2026 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Squid has Denial of Service in ICP Response handling

Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. This bug is fixed in Squid version 7.5.

Action-Not Available
Vendor-Squid Cache
Product-squidsquid
CWE ID-CWE-413
Improper Resource Locking
CWE ID-CWE-416
Use After Free
CWE ID-CWE-826
Premature Release of Resource During Expected Lifetime
CVE-2024-58249
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-3.7||LOW
EPSS-0.07% / 21.84%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL.

Action-Not Available
Vendor-wxWidgets
Product-wxWidgets
CWE ID-CWE-826
Premature Release of Resource During Expected Lifetime
CVE-2025-31115
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.04% / 12.80%
||
7 Day CHG~0.00%
Published-03 Apr, 2025 | 16:57
Updated-12 May, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XZ has a heap-use-after-free bug in threaded .xz decoder

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases.

Action-Not Available
Vendor-tukaani-projectSiemens AG
Product-xzSIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
CWE ID-CWE-366
Race Condition within a Thread
CWE ID-CWE-416
Use After Free
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-826
Premature Release of Resource During Expected Lifetime
CVE-2025-24912
Assigner-JPCERT/CC
ShareView Details
Assigner-JPCERT/CC
CVSS Score-3.7||LOW
EPSS-0.03% / 10.20%
||
7 Day CHG~0.00%
Published-12 Mar, 2025 | 04:43
Updated-24 Oct, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail.

Action-Not Available
Vendor-w1.fiJouni Malinen
Product-hostapdhostapd
CWE ID-CWE-826
Premature Release of Resource During Expected Lifetime
CVE-2024-51727
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.46%
||
7 Day CHG~0.00%
Published-06 Dec, 2024 | 18:10
Updated-10 Dec, 2024 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ruijie Reyee OS Premature Release of Resource During Expected Lifetime

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account.

Action-Not Available
Vendor-Ruijie Networks Co., Ltd.
Product-reyee_osReyee OS
CWE ID-CWE-826
Premature Release of Resource During Expected Lifetime
CVE-2023-1297
Assigner-HashiCorp Inc.
ShareView Details
Assigner-HashiCorp Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.26% / 49.09%
||
7 Day CHG+0.01%
Published-02 Jun, 2023 | 22:48
Updated-08 Jan, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Consul Cluster Peering can Result in Denial of Service

Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3

Action-Not Available
Vendor-HashiCorp, Inc.
Product-consulConsulConsul Enterprise
CWE ID-CWE-826
Premature Release of Resource During Expected Lifetime